Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
630
Views
0
Helpful
9
Replies

VPN Design advice

Go to solution
chris.stepniewski
Level 1
Level 1

‎04-06-2006 11:30 AM - edited ‎02-21-2020 02:21 PM

I usually deal with LAN/WAN issues but have very little experience with designing VPN's. I would like to know if I have the right idea or if there is a better solution to be designed.

Scenario:

There is an HQ with two remote offices. The remote offices have 10-20 people each with little to no growth planned and each have different firewall solutions. The HQ has 40-50 people with tremendous growth expected and a PIX 515E. The IT manager would like site-to-site VPN's for the remote offices and remote access VPN's for travelers. His biggest concern is speed across the site-to-site tunnels.

My solution:

Place a VPN 3005 Concentrator behind the PIX at the HQ and 800 series routers with VPN and Firewall feature sets at the remotes.

Does this look adequate? Any other recommendations?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
attrgautam
Level 5
Level 5
In response to chris.stepniewski

‎04-10-2006 08:39 PM

No I dont think so. This should be fine for the 515 alone.

View solution in original post

0 Helpful
9 Replies 9

Go to solution
chris.stepniewski
Level 1
Level 1

‎04-07-2006 11:25 AM

Nobody has input? Would this even work?

0 Helpful

Go to solution
attrgautam
Level 5
Level 5
In response to chris.stepniewski

‎04-08-2006 07:56 AM

Well why do you need a VPN concentrator. You can terminate the tunnels on the PIX515 itself.

0 Helpful

Go to solution
chris.stepniewski
Level 1
Level 1
In response to attrgautam

‎04-08-2006 10:18 AM

Thanks for the response.

I was thinking of using a VPN concentrator since I need to terminate two tunnels and remote access VPN's. I thought they might tax the PIX.

I also thought about just buying two 501's for the remote sites and upgrading the 515. It would be cost effective but do you think the 515's performance would suffer with all those tunnels?

0 Helpful

Go to solution
attrgautam
Level 5
Level 5
In response to chris.stepniewski

‎04-09-2006 06:18 AM

How many tunnels are you looking at ? I think the 515 should handle all these tunnels with a VAC. You wouldnt need another concentrator. BTW r u using the 515 or 515 E. If 515, then suggest moving to 515E as it is EOS

0 Helpful

Go to solution
chris.stepniewski
Level 1
Level 1
In response to attrgautam

‎04-10-2006 07:08 AM

2 site-to-site tunnels and say 10 to 20 remote access VPN's at any given time. Would this level of use require a VAC?

Thanks again,

Chris

0 Helpful

Go to solution
attrgautam
Level 5
Level 5
In response to chris.stepniewski

‎04-10-2006 08:39 PM

No I dont think so. This should be fine for the 515 alone.

0 Helpful

Go to solution
chris.stepniewski
Level 1
Level 1
In response to attrgautam

‎04-11-2006 05:17 AM

Thanks for the assistance!

0 Helpful

Go to solution
abielko
Level 1
Level 1

‎04-10-2006 10:28 PM

Hi,

You have PIX at the HQ? So why do you need 3005? PIX is enought. For remote offices, it is up to you, also you can think about PIX'es 501 or 506

0 Helpful

Go to solution
chris.stepniewski
Level 1
Level 1
In response to abielko

‎04-11-2006 05:16 AM

Thanks for your response. We have established that a concentrator is not necessary and the existing equipment should suffice with the addition of a 501 at the remote sites.

0 Helpful
Customers Also Viewed These Support Documents